mirror of
https://github.com/google/nomulus.git
synced 2025-04-30 03:57:51 +02:00
430e136920
* Remove dos.xml from the configs We don't have dos config right now, and applying dos from "gcloud app deploy" is deprecated and has started causing problems. If we add dos configs, it should be using "gcloud app firewall-rules".
88 lines
3.3 KiB
YAML
88 lines
3.3 KiB
YAML
# To run the build locally, install cloud-build-local first.
|
|
# Then run:
|
|
# cloud-build-local --config=cloudbuild-deploy.yaml --dryrun=false \
|
|
# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
|
|
#
|
|
# This will deploy the GAE config files and save the deployed tags in GCS.
|
|
#
|
|
# To manually trigger a build on GCB, run:
|
|
# gcloud builds submit --config=cloudbuild-deploy.yaml \
|
|
# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
|
|
#
|
|
# To trigger a build automatically, follow the instructions below and add a trigger:
|
|
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
|
|
#
|
|
# Note: to work around issue in Spinnaker's 'Deployment Manifest' stage,
|
|
# variable references must avoid the ${var} format. Valid formats include
|
|
# $var or ${"${var}"}. This file uses the former. Since TAG_NAME and _ENV are
|
|
# expanded in the copies sent to Spinnaker, we preserve the brackets around
|
|
# them for safe pattern matching during release.
|
|
# See https://github.com/spinnaker/spinnaker/issues/3028 for more information.
|
|
steps:
|
|
# Pull the credential for nomulus tool.
|
|
- name: 'gcr.io/$PROJECT_ID/builder:latest'
|
|
entrypoint: /bin/bash
|
|
args:
|
|
- -c
|
|
- |
|
|
set -e
|
|
gcloud secrets versions access latest \
|
|
--secret nomulus-tool-cloudbuild-credential > tool-credential.json
|
|
# Deploy the GAE config files.
|
|
# First authorize the gcloud tool to use the credential json file, then
|
|
# download and unzip the tarball that contains the relevant config files
|
|
- name: 'gcr.io/$PROJECT_ID/builder:latest'
|
|
entrypoint: /bin/bash
|
|
args:
|
|
- -c
|
|
- |
|
|
set -e
|
|
gcloud auth activate-service-account --key-file=tool-credential.json
|
|
if [ ${_ENV} == production ]; then
|
|
project_id="domain-registry"
|
|
else
|
|
project_id="domain-registry-${_ENV}"
|
|
fi
|
|
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/${_ENV}.tar .
|
|
tar -xvf ${_ENV}.tar
|
|
for filename in cron dispatch index queue; do
|
|
gcloud -q --project $project_id app deploy \
|
|
default/WEB-INF/appengine-generated/$filename.yaml
|
|
done
|
|
# Save the deployed tag for the current environment on GCS, and update the
|
|
# mappings from Nomulus releases to Appengine versions.
|
|
- name: 'gcr.io/$PROJECT_ID/builder:latest'
|
|
entrypoint: /bin/bash
|
|
args:
|
|
- -c
|
|
- |
|
|
set -e
|
|
echo ${TAG_NAME} | \
|
|
gsutil cp - gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tag
|
|
# Update the release to AppEngine version mapping.
|
|
if [ ${_ENV} == production ]; then
|
|
project_id="domain-registry"
|
|
else
|
|
project_id="domain-registry-${_ENV}"
|
|
fi
|
|
local_map="nomulus.${_ENV}.tmp"
|
|
gcloud app versions list \
|
|
--project $project_id --hide-no-traffic \
|
|
--format="csv[no-heading](SERVICE,VERSION.ID)" | \
|
|
grep -e "^backend\|^default\|^pubapi\|^tools" |\
|
|
while read line; do echo "${TAG_NAME},$line"; done | tee "$local_map"
|
|
num_versions=$(cat "$local_map" | wc -l)
|
|
if [ "$num_versions" -ne 4 ]; then
|
|
echo "Expecting exactly four active services. Found $num_versions"
|
|
exit 1
|
|
fi
|
|
gsutil cp "$local_map" gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tmp
|
|
# Atomically append uploaded tmp file to nomulus.${_ENV}.versions
|
|
gsutil compose \
|
|
gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.versions \
|
|
gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tmp \
|
|
gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.versions
|
|
|
|
timeout: 3600s
|
|
options:
|
|
machineType: 'E2_HIGHCPU_32'
|